on 03-14-2016 2:57 AM
Hi experts,
I'm using X.509 certificate, I have two Servers, both available on SAPGUI and WebGUI.
But I'm facing some problems.
I can logon using SSO in Server A, both SAPGUI and WebGUI.
I can logon using SSO in Server B, only SAPGUI, but WebGUI still prompts logon page asking for ID and Password.
It seems that my Secure Login Client works well, and the configurations on Server A and B works because I can SSO in SAPGUI.
So what might be the problem that causes my failed to logon to Server B in WebGUI?
Hello Blangero,
Please, make sure that you have correct user mappings for the second server. See the details here:
Rule-Based Certificate Mapping - Using X.509 Client Certificates on the AS ABAP - SAP Library
Regards,
Donka Dimitrova
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Donka,
Thanks for your reply, I checked the mapping mentioned by you but seems no error on that.
According to SAP help document, I should do the followings to make SSO work for SAP GUI for HTML using X.509 certificates:
If you are configuring X.509 certificate logon for Web services, you do not have to set this parameter.
2. Restart the ICManager (using transaction SMICM).
3. Maintain the server’s SSL server PSE.
Use the trust manager (transaction STRUST) and import the issuing CA’s root certificate into this PSE’s certificate list.
4. Maintain the user mapping in table USREXTID (for example, using the table maintenance transaction SM30, view VUSREXTID).
And in 3., it says Maintain the server’s SSL server PSE, but in Tcode STRUST I didn't find anything called 'SSL server PSE', but I find one called SSL server Standard, is that what 3. mentioned? Because I find that in Server B, SSL server Standard Certificate List do not have the one I see in Server A which is the certificate I have.
Hello Blangero,
See the details here:
Creating an SSL Server PSE - Transport Layer Security on SAP NetWeaver AS for ABAP - SAP Library
Regards,
Donka Dimitrova
If now the name is SSL server Standard, then I know what causes the problem.
In server A, the the certificate for SSO is imported correctly,
In server B, it's not. the certificate exist in System PSE but not in SSL Server Standard.
That's the reason.
And I only to know why, but I think I'm not allowed to change this setting . Getting to know the whys are enough for me.
Thanks Donka for your help!
Hello
I have exactly this error. SSO with GUI works, not when I start WebGui. Do you remember what the reason was?
Thanks for your answer
Regards
Claudio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hallo,
have you compared the SICF services for the WebGUI in both systems?
Regards
Thomas.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Thomas,
I've compared the services and they are the same, I've found out the reason, thanks for your reply!
Regards,
Blangero
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.